> David,
>
> That's good info in the article. But my question was does the
> keytool-generated file expire as well when the underlying cert
> (LetsEncrypt or self-signed cert) expires? Or can I simply renew the
> underlying cert without having to re-execute the keytool step each time
> the cert auto-renews?

Short answer - I don't know. But a couple of thoughts:-

1) That keytool command completes as you snap your fingers, it's not an intensive thing.

2) LetsEncrypt for https, I totally get (and use it myself); you do not want people having to ignore browser warnings to see your web site. I don't see it as an issue with imaps though.

Dovecot is another imap server and depending on which version/distro you use, for imaps it comes with a certificate or offers a script to create one. Seems to me that using keytool is just the equivalent for James - I guess you could also use openssl, which dovecot uses. I just checked that and saw the cert expires after 365 days, so I've certainly run on an out of date cert at times even if I'm not doing it now. :-)

Do I care? No, my webmail program doesn't check the cert for validity - it runs on the same machine as dovecot so that is hardly a serious issue - I just want the encryption. I'm pretty sure there's no problem with sylpheed either, although it's a good while since I used it. Maybe things like thunderbird check cert validity? Not sure.

How many people are going to access their email on your server? It's not like a web page which is for the whole world.

--
David Matthews
[email protected]
